USN-3414-2: QEMU regression

Ubuntu Security Notice USN-3414-2

20th September, 2017

qemu regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 17.04
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

USN-3414-1 introduced a regression in QEMU.

Software description

  • qemu
    – Machine emulator and virtualizer

Details

USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for
CVE-2017-9375 was incomplete and caused a regression in the USB xHCI
controller emulation support. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control.
A guest attacker could use this issue to elevate privileges inside the
guest. (CVE-2017-7493)

Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation.
A privileged attacker inside the guest could use this issue to cause QEMU
to consume resources or crash, resulting in a denial of service.
(CVE-2017-8112)

It was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host
Bus Adapter emulation support. A privileged attacker inside the guest could
use this issue to cause QEMU to crash, resulting in a denial of service, or
possibly to obtain sensitive host memory. This issue only affected Ubuntu
16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)

Li Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An
attacker inside the guest could use this issue to cause QEMU to consume
resources and crash, resulting in a denial of service. This issue only
affected Ubuntu 17.04. (CVE-2017-9060)

Li Qiang discovered that QEMU incorrectly handled the e1000e device. A
privileged attacker inside the guest could use this issue to cause QEMU to
hang, resulting in a denial of service. This issue only affected Ubuntu
17.04. (CVE-2017-9310)

Li Qiang discovered that QEMU incorrectly handled USB OHCI emulation
support. An attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service. (CVE-2017-9330)

Li Qiang discovered that QEMU incorrectly handled IDE AHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9373)

Li Qiang discovered that QEMU incorrectly handled USB EHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to consume resources and crash, resulting in a denial of
service. (CVE-2017-9374)

Li Qiang discovered that QEMU incorrectly handled USB xHCI emulation
support. A privileged attacker inside the guest could use this issue to
cause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)

Zhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2
Host Bus Adapter emulation support. A privileged attacker inside the guest
could use this issue to cause QEMU to crash, resulting in a denial of
service. (CVE-2017-9503)

It was discovered that the QEMU qemu-nbd server incorrectly handled
initialization. A remote attacker could use this issue to cause the server
to crash, resulting in a denial of service. (CVE-2017-9524)

It was discovered that the QEMU qemu-nbd server incorrectly handled
signals. A remote attacker could use this issue to cause the server to
crash, resulting in a denial of service. (CVE-2017-10664)

Li Qiang discovered that the QEMU USB redirector incorrectly handled
logging debug messages. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)

Anthony Perard discovered that QEMU incorrectly handled Xen block-interface
responses. An attacker inside the guest could use this issue to cause QEMU
to leak contents of host memory. (CVE-2017-10911)

Reno Robert discovered that QEMU incorrectly handled certain DHCP options
strings. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2017-11434)

Ryan Salsamendi discovered that QEMU incorrectly handled empty CDROM device
drives. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service. This issue only
affected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 17.04:
qemu-system-misc

1:2.8+dfsg-3ubuntu2.5
qemu-system-s390x

1:2.8+dfsg-3ubuntu2.5
qemu-system

1:2.8+dfsg-3ubuntu2.5
qemu-system-aarch64

1:2.8+dfsg-3ubuntu2.5
qemu-system-x86

1:2.8+dfsg-3ubuntu2.5
qemu-system-sparc

1:2.8+dfsg-3ubuntu2.5
qemu-system-arm

1:2.8+dfsg-3ubuntu2.5
qemu-system-ppc

1:2.8+dfsg-3ubuntu2.5
qemu-system-mips

1:2.8+dfsg-3ubuntu2.5
Ubuntu 16.04 LTS:
qemu-system-misc

1:2.5+dfsg-5ubuntu10.16
qemu-system-s390x

1:2.5+dfsg-5ubuntu10.16
qemu-system

1:2.5+dfsg-5ubuntu10.16
qemu-system-aarch64

1:2.5+dfsg-5ubuntu10.16
qemu-system-x86

1:2.5+dfsg-5ubuntu10.16
qemu-system-sparc

1:2.5+dfsg-5ubuntu10.16
qemu-system-arm

1:2.5+dfsg-5ubuntu10.16
qemu-system-ppc

1:2.5+dfsg-5ubuntu10.16
qemu-system-mips

1:2.5+dfsg-5ubuntu10.16
Ubuntu 14.04 LTS:
qemu-system-misc

2.0.0+dfsg-2ubuntu1.36
qemu-system

2.0.0+dfsg-2ubuntu1.36
qemu-system-aarch64

2.0.0+dfsg-2ubuntu1.36
qemu-system-x86

2.0.0+dfsg-2ubuntu1.36
qemu-system-sparc

2.0.0+dfsg-2ubuntu1.36
qemu-system-arm

2.0.0+dfsg-2ubuntu1.36
qemu-system-ppc

2.0.0+dfsg-2ubuntu1.36
qemu-system-mips

2.0.0+dfsg-2ubuntu1.36

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

LP: 1718222

Read More

Sonic Mania ‘Plays Perfectly’ on Linux via WINE

An official release of Sonic Mania on Linux is about as likely as the return of the name ‘Robotnik’ — but Linux users don’t have to miss out on all of the fun. The Windows version of Sonic Mania is playable on Linux using WINE — and that’s not just me saying that, that’s a bunch […]

This post, Sonic Mania ‘Plays Perfectly’ on Linux via WINE, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.

Read More

Local Development Environment for Kubernetes using Minikube

Kubernetes can be an ultimate local development environment particularly if you are wrangling with a large number of microservices. In this post, we will cover how you can create a local development workflow using Minikube and tools such as Make to iterate fast without the wait imposed by your continuous integration pipeline. With this workflow, you can code and test changes immediately.

Read More

Architecting the Future with Abstractions and Metadata

Abstractions and metadata are the future of architecture in systems engineering, as they were before in software engineering. In many languages, there are abstractions and metadata; however, systems engineering has never adopted this view. Systems were always thought of as too unique for any standard abstractions. Now that we’ve standardized the lower-level abstractions, we’re ready to build new system-level abstractions.

Read More

Linux Administration – News and Blog